summarize-whatsapp-group-chats
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
wacliCLI to perform local data retrieval tasks, such as listing group chats (wacli groups list) and fetching messages (wacli messages). These commands are standard for the tool's functionality and do not involve unauthorized privilege escalation or dangerous network operations. - [PROMPT_INJECTION]: The skill processes external data (WhatsApp message content) for summarization, which constitutes an indirect prompt injection surface.
- Ingestion points: External chat messages are read into the agent's context during the fetch step in
SKILL.md. - Boundary markers: The skill does not define specific delimiters to separate untrusted chat content from the summarization instructions.
- Capability inventory: The skill's capabilities are limited to text summarization and local file redirection (
>); it does not contain high-risk operations like network exfiltration or shell execution of the processed data. - Sanitization: No explicit sanitization or filtering of the message content is performed prior to processing.
Audit Metadata